From: Marek Kierdelewicz <marek@piasta.pl>
To: Andrey <andrey@cs.dal.ca>
Cc: netfilter@vger.kernel.org
Subject: Re: iptables in promiscuous mode
Date: Thu, 7 Jul 2011 21:15:45 +0200
Message-ID: <20110707211545.421c89e5@catus>
In-Reply-To: <CAPR6_RB_BnxGoozDoQzyNS+Un3pERyYjpxgFHe1orMhMfj7DqQ@mail.gmail.com>

>Hello,

Hi,

>I have traffic that was captured in promiscuous mode, therefore it is
>not destined to my computer.
>From what I understand netfilter/iptables does not work in promiscuous
>mode therefore it will not see the traffic when I replay it.

It looks like a ruleset test scenario.

Option 1)
You can change the MAC address and/or IP address of a host you replay
traffic to, to the values of the original recipient of the traffic. That way
traffic should hit all appropriate netfilter hooks.

Option 2)
You can:
- create bridge br0 with eth0 and tap0 up and attached to it,
- set br0 to act as a hub:
    echo 0 > /sys/class/net/br0/bridge/ageing_time
- enable netfilter for bridged traffic:
    echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
- feed replayed traffic to eth0.

You should see traffic passing some netfilter chains, but you won't see
much in INPUT/OUTPUT of the filter table. Most (all) of the traffic will be
treated as forwarded, not as received locally.

Best regards,
Marek Kierdelewicz
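
Option 2 from the message above written out as a script; this is an added example, not part of Marek's message. The ip, modprobe and iptables lines (including the target-less counting rules used to compare FORWARD against INPUT) are assumptions filled in around the two echo commands he gives, and eth0 and tap0 are assumed to exist already.

```sh
#!/bin/sh
# Added example: Option 2 as a reviewable command plan.
# Run "apply" as root from a console: enslaving eth0 to the bridge
# interrupts IP connectivity that was configured on eth0.

# Print the setup commands for bridge $1 with ports $2 (physical) and $3 (tap).
bridge_plan() {
    br=${1:-br0} phys=${2:-eth0} tap=${3:-tap0}
    cat <<EOF
ip link add name $br type bridge
ip link set dev $phys master $br
ip link set dev $tap master $br
ip link set dev $phys up
ip link set dev $tap up
ip link set dev $br up
echo 0 > /sys/class/net/$br/bridge/ageing_time
modprobe br_netfilter 2>/dev/null || true
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
iptables -I FORWARD -m physdev --physdev-in $phys
iptables -I INPUT -m physdev --physdev-in $phys
EOF
}
# Notes on the plan: ageing_time 0 is the hub setting from the message;
# br_netfilter is a separate module on kernels 3.18 and later (older
# kernels have the hooks in the bridge module, hence "|| true"); the two
# iptables rules have no target, so they only count packets from $phys.

# Print the commands that undo bridge_plan.
teardown_plan() {
    br=${1:-br0} phys=${2:-eth0}
    cat <<EOF
iptables -D FORWARD -m physdev --physdev-in $phys
iptables -D INPUT -m physdev --physdev-in $phys
ip link del dev $br
EOF
}

# Nothing runs unless a subcommand is given.
case "${1:-}" in
    plan)     bridge_plan "${BR:-br0}" "${PHYS:-eth0}" "${TAP:-tap0}" ;;
    apply)    bridge_plan "${BR:-br0}" "${PHYS:-eth0}" "${TAP:-tap0}" | sh -ex ;;
    counters) iptables -L FORWARD -v -n; iptables -L INPUT -v -n ;;
    teardown) teardown_plan "${BR:-br0}" "${PHYS:-eth0}" | sh -x ;;
esac
```

After feeding the replayed traffic to eth0, "counters" shows the packet counts of the two counting rules, which is where the forwarded-versus-local behaviour described in the message becomes visible.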